CVE-2014-0184
CFME: root password is written to evm.log when entered during VM provisioning
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs the root password when deploying a VM, which allows local users to obtain sensitive information by reading the evm.log file.
Red Hat CloudForms 3.0 Management Engine (CFME) anterior a 5.2.4.2 registra la contraseƱa root cuando implementa un VM, lo que permite a usuarios locales obtener informaciĆ³n sensible mediante la lectura del fichero evm.log.
Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. The SSH utility script created a world-writable file in /tmp/ using a predictable name, and then executed it as root. A local attacker could use this flaw to execute arbitrary commands as the root user. A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted request.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-12-03 CVE Reserved
- 2014-06-30 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-255: Credentials Management Errors
- CWE-522: Insufficiently Protected Credentials
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-0816.html | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2014-0184 | 2014-06-30 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1089131 | 2014-06-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Cloudforms 3.0 Management Engine Search vendor "Redhat" for product "Cloudforms 3.0 Management Engine" | <= 5.2.4 Search vendor "Redhat" for product "Cloudforms 3.0 Management Engine" and version " <= 5.2.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Cloudforms 3.0 Management Engine Search vendor "Redhat" for product "Cloudforms 3.0 Management Engine" | 5.2 Search vendor "Redhat" for product "Cloudforms 3.0 Management Engine" and version "5.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Cloudforms 3.0 Management Engine Search vendor "Redhat" for product "Cloudforms 3.0 Management Engine" | 5.2.1 Search vendor "Redhat" for product "Cloudforms 3.0 Management Engine" and version "5.2.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Cloudforms 3.0 Management Engine Search vendor "Redhat" for product "Cloudforms 3.0 Management Engine" | 5.2.1.6 Search vendor "Redhat" for product "Cloudforms 3.0 Management Engine" and version "5.2.1.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Cloudforms 3.0 Management Engine Search vendor "Redhat" for product "Cloudforms 3.0 Management Engine" | 5.2.2 Search vendor "Redhat" for product "Cloudforms 3.0 Management Engine" and version "5.2.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Cloudforms 3.0 Management Engine Search vendor "Redhat" for product "Cloudforms 3.0 Management Engine" | 5.2.3 Search vendor "Redhat" for product "Cloudforms 3.0 Management Engine" and version "5.2.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Cloudforms 3.0 Management Engine Search vendor "Redhat" for product "Cloudforms 3.0 Management Engine" | 5.2.3.2 Search vendor "Redhat" for product "Cloudforms 3.0 Management Engine" and version "5.2.3.2" | - |
Affected
| ||||||